By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScript code that will be executed in a user's browser session in the context of the vulnerable site.